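<?php
// Full open tag: with short_open_tag disabled, a bare "<?" is not parsed and the
// file (including the hard-coded form key below) would be sent to the browser as text.
require 'global.php';
include(ROOT."common/mail_send.php");

// Signed-in customers do not need the reset flow; send them to the member page.
if($customer_id>0) { header('Location:member.html'); exit; }

$gee=$customer;
$email_template=new DB(Temail_template,$conn);
$url='forgot_password';

// Step of the flow (original comment: operation view/edit/delete). The session value
// is the default and ?do=... overrides it.
// NOTE(review): $do is client-controllable through the query string, so it must only
// choose what is displayed (presumably by the view; confirm). It must never be treated
// as proof that an earlier step of the flow was completed.
$do=isset($_SESSION["do"])?clean($_SESSION["do"]):'view';
if(isset($_GET['do'])) $do=clean($_GET['do']);

// E-mail address carried between steps of the flow.
$tem_email='';
if(isset($_SESSION['tem_email'])) $tem_email=$_SESSION['tem_email'];

// Requested action; the sentinel default matches none of the handlers below.
$action='you guess';
if(isset($_POST["action"]) && $_POST["action"]!="") $action=clean($_POST["action"]);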

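// Step 1: send a verification code to the address of an existing account.
if($action=='find'){
	// "Safety key" meant to filter out blind form posts. It is md5 of a fixed string plus
	// today's date, so it is identical for every visitor and derivable by anyone who has
	// seen the form. It is not a secret and not a CSRF token.
	$key='you guess';
	if(isset($_POST["key"]) && $_POST["key"]!="") $key=clean($_POST["key"]);
	// hash_equals() instead of "!=": loose comparison evaluates numeric-looking strings
	// (for example "0e1234...") as numbers, so unequal strings can compare equal.
	if(!hash_equals(md5('ecomgear'.date('Ymd')), (string)$key)){ yell(WEB_INVALID_ACCESS,'./'); exit; }

	$email='';
	if(isset($_POST["email"]) && $_POST["email"]!="") $email=clean($_POST["email"]);
	if($email==''){ wheel('./'); exit; }

	// NOTE(review): the "sent" and "account does not exist" outcomes differ, which lets a
	// visitor test whether an address is registered. Consider one neutral message for both.
	if($gee->check_unique('email',$email)){ // original comment: check that the account exists
		// The code must be unpredictable. Deriving it from the address and the day of the
		// month (as before) lets anyone who knows the address compute it without ever
		// receiving the e-mail. Three random bytes keep the 6-character upper-case hex format.
		$raw=function_exists('random_bytes') ? random_bytes(3) : openssl_random_pseudo_bytes(3);
		if($raw===false || strlen($raw)!==3){ yell(WEB_VERIFICATION_CODE_SENT_FAILED, 'forgot_password.php'); exit; }
		$ver_code=strtoupper(bin2hex($raw));

		// Placeholders available to the e-mail template.
		$var_email=array(
			'%nickname%'=>$customer_nickname,
			'%date%'=>date('Y-m-d'),
			'%datetime%'=>date('Y-m-d H:i:s'),
			'%url%'=>$baseurl,
			'%code%'=>$ver_code,
			'%company%'=>$config['SITE_COMPANY_'.LANG],
		);
		// Substitute the placeholders in the subject and body of template row 1.
		$arr_email = $email_template->get_row(1);
		$subject=$arr_email['subject_'.$lang];
		$body=$arr_email['content_'.$lang];
		// Loop variable renamed so it no longer overwrites the form key in $key.
		foreach ($var_email as $placeholder => $value) {
			$subject=str_replace($placeholder, $value, $subject);
			$body=str_replace($placeholder, $value, $body);
		}
		$body='<!doctype html><html>
		<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<title>'.$subject.'</title></head>
		<body>'.$body.'</body></html>';
		$arr=array(
			'to'=>array($email),
			'subject'=>$subject,
			'body'=>$body,
			'host'=>EMAIL_HOST,
			'account'=>EMAIL_ACCOUNT,
			'password'=>EMAIL_PASSWORD,
			'port'=>EMAIL_PORT,
			'name'=>EMAIL_NAME,
			'ssl'=>EMAIL_SSL,
		);
		try{
			mail_send($arr);
			// Bind the code to this session with a 15-minute lifetime and an attempt
			// counter, so it cannot be replayed from elsewhere or guessed without limit.
			$_SESSION['tem_email']=$email;
			$_SESSION['reset_code']=$ver_code;
			$_SESSION['reset_code_expires']=time()+900;
			$_SESSION['reset_code_attempts']=0;
			$_SESSION['do']='code';
			cry(WEB_VERIFICATION_CODE_SENT, 'forgot_password.php');
		}
		catch(Exception $e){
			// Exception has getMessage(), not message(); the old call raised a fatal error.
			// Mail errors go to the server log only, so transport details never reach the
			// visitor, and the failure notice is now reachable.
			error_log('forgot_password: mail_send failed: '.$e->getMessage());
			yell(WEB_VERIFICATION_CODE_SENT_FAILED, 'forgot_password.php');
		}
	}
	else yell(WEB_ACCOUNT_NOT_EXIST, 'forgot_password.php');
}

// Step 2: check the submitted code and, if it matches, unlock the password form.
if($action=='pass'){
	// Same daily form key as in step 1; it is not a secret.
	$key='you guess';
	if(isset($_POST["key"]) && $_POST["key"]!="") $key=clean($_POST["key"]);
	if(!hash_equals(md5('ecomgear'.date('Ymd')), (string)$key)){ yell(WEB_INVALID_ACCESS,'./'); exit; }

	$tem_code=isset($_POST["code"]) ? (string)clean($_POST["code"]) : '';

	// The address and the expected code come from the session written in step 1, never
	// from the request: a posted address would let the caller choose whose account is
	// unlocked.
	$pending_email=isset($_SESSION['tem_email']) ? $_SESSION['tem_email'] : '';
	$pending_code=isset($_SESSION['reset_code']) ? (string)$_SESSION['reset_code'] : '';
	$expires_at=isset($_SESSION['reset_code_expires']) ? (int)$_SESSION['reset_code_expires'] : 0;
	$attempts=isset($_SESSION['reset_code_attempts']) ? (int)$_SESSION['reset_code_attempts'] : 0;

	// A code is usable only if one was issued to this session, it has not expired and
	// fewer than five wrong guesses have been made against it.
	$code_usable=($pending_email!='' && $pending_code!='' && time()<=$expires_at && $attempts<5);

	if($code_usable && hash_equals($pending_code, $tem_code)){
		// Single use: discard the code as soon as it has been accepted.
		unset($_SESSION['reset_code'], $_SESSION['reset_code_expires'], $_SESSION['reset_code_attempts']);
		$_SESSION['do']='edit';
		wheel('forgot_password.php');
	}
	else {
		if($code_usable){
			$_SESSION['reset_code_attempts']=$attempts+1;
		}
		else {
			// Expired, exhausted or never issued: drop the state so a new code must be requested.
			unset($_SESSION['reset_code'], $_SESSION['reset_code_expires'], $_SESSION['reset_code_attempts'], $_SESSION['do']);
		}
		yell(WEB_PASSWORD_WRONG, 'forgot_password.php');
	}
}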
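// Step 3: store the new password.
if($action=='update'){
	// Daily form key: md5 of a fixed string plus today's date. It is the same for every
	// visitor and is not a secret, so it cannot authorize a password change by itself.
	$key='you guess';
	if(isset($_POST["key"]) && $_POST["key"]!="") $key=clean($_POST["key"]);
	// hash_equals() avoids the numeric-string surprises of loose "!=" comparison.
	if(!hash_equals(md5('ecomgear'.date('Ymd')), (string)$key)){ yell(WEB_INVALID_ACCESS,'./'); exit; }

	// Authorization: only a session that passed the code check may change a password, and
	// only for the address recorded by that check. The code-check step sets
	// $_SESSION['do']='edit' and $_SESSION['tem_email']. The address posted with the form
	// is ignored, because trusting it would let any caller pick the account to overwrite.
	$verified=(isset($_SESSION['do']) && $_SESSION['do']==='edit'
		&& isset($_SESSION['tem_email']) && $_SESSION['tem_email']!='');
	if(!$verified){ yell(WEB_INVALID_ACCESS,'./'); exit; }
	$email=$_SESSION['tem_email'];

	$password=''; if(isset($_POST["password"]) && $_POST["password"]!="") $password=clean($_POST["password"]);
	if($password==''){ wheel('./'); exit; }

	// NOTE(review): unsalted sha1 is a weak way to store passwords. Moving to
	// password_hash()/password_verify() has to be done together with the login check,
	// which is not visible here, so the stored format is left unchanged.
	$arr=array(
		'password'=>sha1($password),
	);
	try{
		$gee->update($arr,'email',$email);
		// The reset is single use: clear the flow state so this session cannot repeat it.
		unset($_SESSION['tem_email'], $_SESSION['do']);
		yell(WEB_USE_NEW_PASSWORD, 'member.php');
	}
	catch(Exception $e){
		yell(WEB_FAILED, 'member.php');
	}
}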

// unset($_SESSION['tem_email']);
// unset($_SESSION['do']);

// Page metadata (SEO): the title is reused for $kwd and $dpn.
$cate_name = WEB_RESET_PASSWORD;
$title = $cate_name . ' - ' . $config['SITE_TITLE_' . LANG];
$kwd = $title;
$dpn = $kwd;

// Render the view template named by $url.
require VIEW . $url . '.php';

// end of file
